package com.weijianhuawen.wjblog.admin.config;

import com.weijianhuawen.wjblog.jwt.config.JwtAuthenticationSecurityConfig;
import com.weijianhuawen.wjblog.jwt.filter.TokenAuthenticationFilter;
import com.weijianhuawen.wjblog.jwt.handler.RestAccessDeniedHandler;
import com.weijianhuawen.wjblog.jwt.handler.RestAuthenticationEntryPoint;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;

import javax.annotation.Resource;

/**
 * @version: java version 8
 * @Author: weijianhuawen
 * @description: 登录鉴权配置
 * @date: 2024-10-15 23:13
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Resource
    private JwtAuthenticationSecurityConfig securityConfig;
    @Resource
    private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
    @Resource
    private RestAccessDeniedHandler restAccessDeniedHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        http.authorizeRequests()
//                .mvcMatchers("/admin/**").authenticated() // 认证以所有admin开头的url
//                .anyRequest().permitAll().and() // 除此之外均放行
//                .formLogin().and() //使用表单登录
//                .httpBasic(); //使用httpbasic认证
        http.csrf().disable() //禁用csrf
                .formLogin().disable() //禁用表单登录
                .apply(securityConfig) //使用用户登录相关配置
                .and()
                    .authorizeRequests()
                    .mvcMatchers("/admin/**").authenticated()
                    .anyRequest().permitAll()
                .and()
                    .httpBasic().authenticationEntryPoint(restAuthenticationEntryPoint)
                .and()
                    .exceptionHandling().accessDeniedHandler(restAccessDeniedHandler)
                .and()
                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) //前后端分离，无需创建会话
                .and()
                    .addFilterBefore(tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); //将token认证设置在用户认证之前
    }

    @Bean
    public TokenAuthenticationFilter tokenAuthenticationFilter() {
        return new TokenAuthenticationFilter();
    }
}
